head	1.2;
access;
symbols
	RELEASE_5_3_0:1.1;
locks; strict;
comment	@# @;


1.2
date	2004.10.22.00.42.19;	author adamw;	state dead;
branches;
next	1.1;

1.1
date	2004.09.28.03.20.33;	author marcus;	state Exp;
branches;
next	;


desc
@@


1.2
log
@Update to 1.8a4. For now, if you're building with Xft2 support,
an explicit --disable-freetype2 is passed to the configure script.
@
text
@Index: mozilla/xpfe/communicator/resources/content/contentAreaDD.js
===================================================================
RCS file: /cvsroot/mozilla/xpfe/communicator/resources/content/contentAreaDD.js,v
retrieving revision 1.32
retrieving revision 1.32.88.1
diff -u -r1.32 -r1.32.88.1
--- xpfe/communicator/resources/content/contentAreaDD.js	10 Jul 2002 01:23:50 -0000	1.32
+++ xpfe/communicator/resources/content/contentAreaDD.js	27 Aug 2004 01:13:39 -0000	1.32.88.1
@@@@ -53,8 +53,11 @@@@
     {
       var url = transferUtils.retrieveURLFromData(aXferData.data, aXferData.flavour.contentType);
 
-      // valid urls don't contain spaces ' '; if we have a space it isn't a valid url so bail out
-      if (!url || !url.length || url.indexOf(" ", 0) != -1) 
+      // valid urls don't contain spaces ' '; if we have a space it
+      // isn't a valid url, or if it's a javascript: or data: url,
+      // bail out
+      if (!url || !url.length || url.indexOf(" ", 0) != -1 ||
+          /^\s*(javascript|data):/.test(url))
         return;
 
       switch (document.firstChild.getAttribute('windowtype')) {
@


1.1
log
@Patch the various recently reported security vulnerabilities in Mozilla.

This update covers the following Mozilla bugs:

245066
226669
250862
255067
256316
257317
258005

Thanks to nectar for scraping all of these patches together.

Obtained from:	Mozilla CVS
Approved by:	portmgr (implicit)
@
text
@@

